Compliance Aspekte:
Win Trust with the compliance tool for TISAX® Certification

Book a Demo
TISAX Certification


Hosted in Germany

Trusted by

What is TISAX® and How We Can Help?

TISAX®, or Trusted Information Security Assessment Exchange, is an information security standard (ISA) for the automotive sector that was established by the VDA, Association of the Automotive Industry. The standard is based on the ISO/IEC 27001 and ISO/IEC 27002 standards adapted to the automotive business. Compliance Aspekte offers a software solution and consulting services for TISAX® assessment that is flexible and adaptable to individual requirements, protection levels, and best practices.

Benefits of TISAX® certification for your

Speak to our expert
  • Stand out as a reliable partner for OEM manufacturers and suppliers
  • Save time and budget by avoiding multiple information security assessments
  • Reduce risk with a risk management system
  • Facilitate collaboration and grow sales
  • Benefit from the unified standard for information security across the automotive industry
  • Conduct maturity assessment of the information security controls in the company.
  • Raise employees’ awareness about information security

Our Services for TISAX®

Compliance tool for the TISAX® certification

Audit and Consulting for TISAX® assessment


We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.

Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte.

Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.

Thorsten R.

One of the features we like best about Compliance Aspekte is its streamlined compliance process. The interface has a clean and structured design, ensuring usability and workflow speed. This not only results in a steep learning curve for new users but also lets experienced users minimize effort. At every stage during the security management lifecycle process, recurring tasks like scoping, structural analysis, modeling, and even tracking risks and controls are supported by a variety of features, e.g. mapping controls with multiple requirements, assigning individual assets to different scopes as well as expanding requirement and control catalogs. On top of that, the performance of the platform is great - it is stable and good in terms of speed efficiency. Having Helga, the compliance assistance bot, is also a very special plus as she can explain terms and provides guidance through the application. We really love and live Compliance Aspekte!

Florian Süß
Senior Information Security Consultant at DATA SYSTEMS GmbH

Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.

As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Compliance Aspekte to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.

Dr. Eckehardt S.
Deputy Director
Book a call

Enjoy the TISAX® VDA EXCEL-like Dashboards

TISAX tool

The target maturity levels per chapter are visualized by the green line.

To prepare for a TISAX® assessment, your maturity levels in the blue section should be by or above this line.

Your organization is ready for the TISAX® assessment if your result score (“Result with cutback to target maturity levels”) is close to ‘3.0’.

For the TISAX® certification, you need to conduct a self-assessment based on the ISA by finding out whether your ISMS matches the expected maturity level in the “Information Security Assessment” tabs.

Compliance Aspekte dashboard rates the maturity level of your information security management system per question.


Closer Look at How TISAX® Assessment Works

ISA incorporates significant aspects of ISO 27001 with additional criteria applicable to the automotive industry, i.e., prototype protection. The assessments are shared on the TISAX® VDA ISA catalog, granting transparency and simplicity to all the companies involved. They can select an audit provider and get standardized ISA results that other participants in the automotive industry accept.

TISAX® Assessment Levels and Protection Needs

TISAX® defines three assessment levels and three levels of protection: normal, high, and very high.

TISAX® assessment level 1 – normal protection need. It is not used in TISAX® but can be implemented for internal purposes in the true sense of a self-assessment. An assessor checks if a completed self-assessment exists but does not examine its content. Can be requested by your partner for a self-evaluation outside of TISAX®.

TISAX® Assessment level 2 – high protection need. Evaluation is carried out by an audit organization with the self-assessment as a basis, documents, and a phone interview.

TISAX® level 3 – a very high protection need. An independent audit company does the assessment based on documentation and an onsite audit.

5 steps on the way to TISAX® certification

Die Edition 2022 des IT-Grundschutz-Kompendiums enthält insgesamt 104 BSI IT-Grundschutz-Bausteine. Darunter sind 7 neue IT-Grundschutz-Bausteine sowie die 97 Bausteine aus der Edition 2021, von denen 16 Bausteine für die Edition 2022 überarbeitet wurden.
Get to know the TISAX® requirements.
Get ready
To gain access to the TISAX® portal, companies need to register as participants on the official TISAX® ENX association website. Choose your auditing body and prepare for the audit. Conduct a self-assessment to measure your compliance and readiness.
The way an audit is conducted depends on whether you qualify for a Level 2 or Level 3 assessment. Level 2 audits are done remotely, while Level 3 audits require onsite inspections. The audit consists of a document review, interviews, clarification of possible findings, and may include the following steps.
Share your results
After you decide which ENX participants to share your ISA results with, the audit provider will upload a TISAX® report to the platform.
A corrective action plan (CAP) must be prepared and submitted to the audit provider to resolve gaps revealed during the assessment. Afterward, the CAP is evaluated through a follow-up and completes the TISAX® report.

Simplify your TISAX® Compliance with Compliance Aspekte

Compliance Aspekte supports VDA Information Security Assessment based on VDA ISA catalog version 5.0.
  • The new catalog is fully implemented in Compliance Aspekte and is easy to work with. It contains the requirements from the spreadsheets “Information security,“ “Data protection“ and “Prototype protection” grouped in corresponding modules. Each requirement/control question is assessed by assigning levels of maturity.
  • The TISAX® requirements are displayed granularly and can be assessed separately. This helps to make the evaluation easier and more transparent, and crucially simplifies the decision-making process regarding the maturity level.
  • The criticality of each requirement (must, should, high) and its implementation status is visible. This feature makes it much easier to answer the control question if you see that e.g., all related requirements are implemented. You can go into details and see further information on the requirement, such as a responsible person, documents and tasks assigned, and individually added information. The implementation of requirements can be supported by the creation of corresponding tasks or by adding individual controls. You also have the possibility to conduct a self-assessment.
  • The assessment results of each topic can be seen on a dashboard. This way you always know at what point you are now.
  • Compliance Aspekte allows you to succeed in TISAX® assessments in one place and track progress easily.
  • Our tool for the TISAX® certification also supports a PDCA cycle, so it can help get certified and continuously improve your ISMS.
  • One solution for all standards: with Compliance Aspekte it’s possible to manage multiple standards within a single system, and thus share the efforts, and understand dependencies, current statuses, and other aspects.


Compliance Aspekte 9.2: GPT enablement, Integration with Azure and SAP infrastructures, enhanced ASPICE reporting, and more
October 31, 2023
Compliance Aspekte 9.2: GPT enablement, Integration with Azure and SAP infrastructures, enhanced ASPICE reporting, and more

Compliance Aspekte Launches Version 9.2 with Innovative Features for Enhanced IT Security and Compliance

Compliance Aspekte 9.1: History of changes, Document Generation, Automatic Risk Acceptance Changes, Jira Integration, and more
March 30, 2023
Compliance Aspekte 9.1: History of changes, Document Generation, Automatic Risk Acceptance Changes, Jira Integration, and more

Introducing Release 9.1, Compliance Aspekte announces the release of new features.

Risk Matrix: Complete Guide
February 24, 2023
Risk Matrix: Complete Guide

Risk is an unavoidable aspect of modern business, with both internal and external factors posing significant challenges to companies of any size or nature. A company’s ability to manage and reduce these risks is crucial to achieving success.

Data Privacy Trends to Watch in 2022-2025
December 7, 2022
Data Privacy Trends to Watch in 2022-2025

While countless gigabytes of private data end up scattered across on-site, cloud, hybrid, and third-party systems, data privacy laws continue to grant broad rights to personal data owners. Now users can request to get a copy or update it, ask to have their data deleted or restricted. What will the future of privacy be like?

Security Risk Analysis: A Step-By-Step Guide
November 17, 2022
Security Risk Analysis: A Step-By-Step Guide

Organizations are taking a risk-based approach to information security and compliance that enables them to bypass the need for an in-depth evaluation and analysis of every new threat. It introduces a systematic risk analysis management that aims to foresee new threats and take preventative action.


Try for free

Benefit of free usage of the Compliance Aspekte for 3 months to find out how the solution can optimize and streamline your compliance management.

    What Standards are you interested in?

    I have read the privacy policy and agree.

    Sign up for our newsletter

      The abbreviation stands for Trusted Information Security Assessment Exchange. It’s an industry-specific information security standard for the automotive sector managed by the ENX association on behalf of the VDA or the German Automobile Industry Association.

      TISAX is based on the essential requirements of ISO 27001, the internationally recognized standard for information security, and adapted solely for the automotive sector. ISO 27001 is applicable across all industries and depicts requirements, rules, and methods for ensuring information security within a company.
      TISAX® is not an obligatory certification. However, it is required and recognized by all the German Automotive Industry Association (VDA) members and original equipment manufacturers such as BMW, Audi, and Volkswagen. Therefore, the TISAX® certification is recommended for companies that want to operate in the automotive sector successfully.
      This standard is a trademark of the ENX Association based in Frankfurt am Main, Germany, and Paris, France. It includes automobile manufacturers, suppliers, and other national automotive associations. The main objective of the ENX Association is to facilitate and streamline secure and reliable collaboration over industrial value-added networks. That's why it scrutinizes the quality of the implementation and gives approval to assessment service providers according to a rigorous procedure.
      Here are a few reasons why a software tool might be better for TISAX® compliance management:

    • Excel might be a cumbersome tool for handling data protection, governance, and risk management. It does not provide a bird’s-eye view of all your compliance activities in your organization as spreadsheets require a lot of manual input and usually exist in silos apart from one another.
    • Using Excel you should manually make changes in several places as they are not automatically embedded.
    • Excel spreadsheets are not secure. They can be located in different shared folders, and multiple people can access and use them.
    • It’s almost impossible to work in Excel conveniently when multiple people are involved.

      With a special compliance tool in place, you will be spared all the inconveniences and multiple issues you have when working with Excel.
    • The TISAX® standard takes its origin from ISO 27001. It also uses ISO 27001 information security controls that define how requirements must be implemented.
      First and foremost, TISAX® provides you with better information security and transparency. This certification is recognized by world-famous automotive companies such as Volkswagen, BMW, and Audi.
      Sure. We have the necessary knowledge of the automotive industry and hands-on experience in ISMS implementation. In addition to our compliance tool, our authorized ISMS experts will accurately assess your company’s level of preparedness for an official TISAX® assessment.
      TISAX® is a registered trademark of the ENX Association . Infopulse GmbH has no business relationship with ENX. Mentioning the TISAX® brand does not imply any statement by the brand owner on the suitability of the services advertised here.
      Compliance AI bot